How to be an Easy Hacker Target
One of the most publicized items of the U.S. election (other than Trump’s alleged sexual inappropriateness) is the hacking of Hillary Clinton’s private server.
I’m actually surprised that this hasn’t gotten more press than it has, given the highly sensitive data & emails that have been leaked. But, that aside, how did this happen? How was this allowed to happen?
John Podesta is the Chairman of the 2016 Hillary Clinton presidential campaign (he also previously served as Chief of Staff to President Bill Clinton, and Counselor to President Barack Obama). Podesta fell for simple social engineering. He fell for one of the most common phishes that we see – a Google credentials phish.
In Podesta’s case, the bad guys used a bit.ly link – something else we see all the time. And the landing page for the credentials phish probably looked similar to the one below:
How To Make Yourself an Easy Phishing Target:
- Use a terrible password. Use a common, easy-to-remember (i.e. easy-to-guess) password.
- Re-use that same password for multiple sites and/or accounts.
- Share your password with your coworkers, and/or assistants.
- Ask an assistant to email you your password when you forget it.
- Don’t turn on two-factor authentication.
- Don’t change passwords after one account is known to be compromised.
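
Seen from the defender's side, the lure described above (a shortened link in a message about a Google account) can be flagged before the user ever clicks it. The following is an added example, not part of the original post; the shortener list, keyword list, brand table and sample message are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed lists for illustration; tune them for your own mail flow.
SHORTENERS = {"bit.ly", "tinyurl.com", "goo.gl", "t.co", "ow.ly"}
LURE_WORDS = ("password", "sign in", "sign-in", "verify your account")
BRAND_DOMAINS = {"google": "google.com"}  # brand name -> its real domain


class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML e-mail body."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)


def flag_links(html_body):
    """Return {href: [reasons]} for links that hide or misstate their target."""
    parser = LinkCollector()
    parser.feed(html_body)
    body = html_body.lower()
    # Only credential-themed mail is scored, to keep false positives down.
    lure = any(word in body for word in LURE_WORDS)
    findings = {}
    for href in parser.hrefs:
        host = (urlsplit(href).hostname or "").lower()
        reasons = []
        if lure and host in SHORTENERS:
            reasons.append("shortened link in credential-themed mail")
        for brand, domain in BRAND_DOMAINS.items():
            on_brand = host == domain or host.endswith("." + domain)
            if lure and brand in body and not on_brand:
                reasons.append(f"mentions {brand} but links to {host or 'no host'}")
        if reasons:
            findings[href] = reasons
    return findings


# Constructed sample message; the short link is a placeholder, not a real indicator.
SAMPLE = """<p>Your Google password may be at risk. Sign in to review.</p>
<a href="https://bit.ly/EXAMPLE">Review activity</a>
<a href="https://myaccount.google.com/security">Security settings</a>"""
```

A hit is a triage signal rather than a verdict: legitimate newsletters also use shorteners, which is why the check only fires on credential-themed messages.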